China’s meteoric rise in vehicle manufacturing underscores just how quickly the global auto landscape is shifting, especially toward electric vehicles (EVs) with electric powertrains and intelligent, always-connected cabins. In 2024 alone, China built 31.3 million of the 90 million cars, trucks, and buses produced worldwide, about 34 percent of total global output according to Inovev.
Europe feels that momentum too: French buyers increasingly choose Chinese marques such as BYD, Xpeng, Beijing, and Hongqi.
Why Sophos Is Sounding the Alarm
- Modern vehicles are essentially rolling data centers, with multiple computers, radars, lidars, cameras, and high-bandwidth radios.
- China's EVs have permanent Internet links for navigation, infotainment, diagnostics, and over-the-air (OTA) updates.
These conveniences come with a privacy price tag. Nate Drier, Technical Lead of Sophos’ Red Team, warns:
“Given the opportunity, necessity, intent, and capability, in-vehicle technology can be misused. Real-time location tracking is already standard, especially in EVs, and the same sensors that make driving safer can map and record the physical and electromagnetic environment around you.”
Practical Risks for Drivers
Scenario | What Can Happen | Why It Matters |
---|---|---|
Syncing your phone in a rental or rideshare car | Contact lists, messages, and call logs may be copied to the car’s storage and uploaded before you can erase them. | Your personal network and potentially business contacts are exposed. |
Permanent OTA connections | Manufacturers (or attackers who breach them) can push silent updates or collect detailed telemetry without notice. | Location history, driving patterns, and even nearby Wi-Fi networks become a rich data trove. |
Advanced driver-assist sensors | Cameras and lidars continuously film and scan surroundings. | Unwitting bystanders and locations are recorded, creating potential surveillance footage. |
Sophos’ Recommendations
- Think twice before pairing devices—especially in rentals or loaner vehicles.
- Review the car’s privacy settings and telemetry consent screens; opt out where possible.
- Ask the manufacturer or dealer which data they collect and how they secure OTA updates.
- Perform a full data reset before returning rental or leased vehicles.
- Keep sensitive work devices off the car’s Bluetooth and USB ports unless absolutely necessary.
Connected cars are here to stay, but so is the need for cybersecurity hygiene. A few proactive steps today can keep tomorrow’s drive from becoming an unexpected data breach.